tcpdump mailing list archives
decode MPLS-contained packets?
From: Gert Doering via tcpdump-workers <tcpdump-workers () lists tcpdump org>
Date: Tue, 5 May 2020 05:50:40 -0400 (EDT)
--- Begin Message --- From: Gert Doering <gert () greenie muc de>
Date: Tue, 5 May 2020 11:21:04 +0200
Hi, I need to trace "MPLS-y" stuff between some routers, and wonder if I'm missing tcpdump functionality here, namely "decode packets inside MPLS". I can match on "mpls" or "mpls <label>", but then I just get a hex dump... 11:13:58.765851 MPLS (label 105, exp 0, ttl 254) (label 24003, exp 0, [S], ttl 254) 0x0000: 0000 0000 0050 569c 338e 3cfd febd 7835 .....PV.3.<...x5 0x0010: 0800 4500 0068 1218 0000 4001 8e3b 0a1b ..E..h....@..;.. 0x0020: 6302 0a1b 630a 0800 a2ea 6e4b 0738 0000 c...c.....nK.8.. 0x0030: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0040: 0000 6c69 626f 7069 6e67 202d 2d20 4943 ..liboping.--.IC 0x0050: 4d50 2070 696e 6720 6c69 6272 6172 7920 MP.ping.library. 0x0060: 3c68 7474 703a 2f2f 6f63 746f 2e69 742f <http://octo.it/ 0x0070: 6c69 626f 7069 6e67 2f3e liboping/> ... while tshark would nicely decode the inner headers... MultiProtocol Label Switching Header, Label: 24002, Exp: 0, S: 1, TTL: 253 0000 0101 1101 1100 0010 .... .... .... = MPLS Label: 24002 .... .... .... .... .... 000. .... .... = MPLS Experimental Bits: 0 .... .... .... .... .... ...1 .... .... = MPLS Bottom Of Label Stack: 1 .... .... .... .... .... .... 1111 1101 = MPLS TTL: 253 Ethernet II, Src: Cisco_65:92:0f (00:c1:64:65:92:0f), Dst: IntelCor_bd:78:35 (3c:fd:fe:bd:78:35) ... Internet Protocol Version 4, Src: 10.27.99.34, Dst: 10.27.99.2 ... Internet Control Message Protocol Type: 0 (Echo (ping) reply) Now, I do not want to use tshark here, because it is way too chatty - for a quick live packet view ("1-3 lines per packet", so I can immediately see "ah, yes, packet went out, reply is / is not coming back") without scrolling or folding packets I like tcpdump way better... Now, the two questions: - is there a switch I'm missing to decode packets-in-MPLS? (like, "packets in GRE" get decoded already) - if not, is someone already working on it? I might just hack it in, if not... thanks :) gert -- "If was one thing all people took for granted, was conviction that if you feed honest figures into a computer, honest figures come out. Never doubted it myself till I met a computer with a sense of humor." Robert A. Heinlein, The Moon is a Harsh Mistress Gert Doering - Munich, Germany gert () greenie muc de
--- End Message ---
_______________________________________________ tcpdump-workers mailing list tcpdump-workers () lists tcpdump org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Current thread:
- decode MPLS-contained packets? Gert Doering via tcpdump-workers (May 05)
- Re: decode MPLS-contained packets? Gert Doering via tcpdump-workers (May 05)
- Re: decode MPLS-contained packets? Francois-Xavier Le Bail via tcpdump-workers (May 05)
- Message not available
- Re: decode MPLS-contained packets? Gert Doering via tcpdump-workers (May 05)
- Message not available
- Message not available
- Re: decode MPLS-contained packets? Francois-Xavier Le Bail via tcpdump-workers (May 05)
- Re: decode MPLS-contained packets? Gert Doering via tcpdump-workers (May 05)
- Message not available
- Message not available
- Message not available
- Re: decode MPLS-contained packets? Gert Doering via tcpdump-workers (May 05)
- Message not available
- Message not available
- Message not available
- Re: decode MPLS-contained packets? Francois-Xavier Le Bail via tcpdump-workers (May 05)
- Message not available
- Message not available
- Message not available
- Message not available
- Re: decode MPLS-contained packets? Gert Doering via tcpdump-workers (May 05)
- Re: decode MPLS-contained packets? Gert Doering via tcpdump-workers (May 05)
- Re: decode MPLS-contained packets? Guy Harris via tcpdump-workers (May 07)